Subject: Re: RFC 1323 and www.netbsd.org
To: Jan Schaumann <jschauma@netmeister.org>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-net
Date: 09/10/2004 10:39:18
In message <20040910142538.GD11936@netmeister.org>, Jan Schaumann writes:
>
>Hi,
>
>I just saw this message on German Usenet that, summarized, says:
>
>,----[ from usenet article ]
>|
>| www.netbsd.org can't be reached without ever timing out.  The reason for
>| this is that a gateway throws away non-standard packets received from
>| www.netbsd.org.  Reference:
>| http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=20461
>| "When the TCP timestamp option (RFC 1323) is used
>| the extra 12 bytes aren't taken into account when creating a packet so
>| the packet ends up being 12 bytes larger than the maximum segment size
>| announced by the correspondent host + 40 bytes for IP+TCP headers"
>|
>| If the user uses
>|
>|        sysctl net.inet.tcp.rfc1323=0
>|
>| under OpenBSD or FreeBSD, the page is loaded normally.
>|
>`----
>
>Without having investigated this at all, does anybody here know if that
>is actually the case and what, if anything, we can do about this?
>

I haven't verified the code; however, according to Section 4.2.2.6 of 
RFC 1122, the complainant's interpretation of the spec is correct.  The 
actual segment size used must take into account the TCP option size.

		--Steve Bellovin, http://www.research.att.com/~smb
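
The rule from RFC 1122 Section 4.2.2.6 cited above, as an added example that is not part of the original message or of NetBSD's code: it computes the effective send MSS and checks the headers of a captured IPv4/TCP packet against it. The function names, the Ethernet-derived MMS_S of 1480 and the sample headers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 1122, 4.2.2.6:
 * Eff.snd.MSS = min(SendMSS + 20, MMS_S) - TCPhdrsize - IPoptionsize */
static int eff_snd_mss(int send_mss, int mms_s, int tcp_hdr, int ip_opts)
{
    int limit = send_mss + 20 < mms_s ? send_mss + 20 : mms_s;
    return limit - tcp_hdr - ip_opts;
}

/* Check the headers of a captured IPv4/TCP packet against the MSS the
 * receiver announced. Returns the number of payload bytes over the
 * effective send MSS (0 = compliant), or -1 if not parseable as IPv4/TCP. */
static int mss_excess(const uint8_t *pkt, size_t len, int send_mss, int mms_s)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6)
        return -1;
    int ihl = (pkt[0] & 0x0f) * 4;            /* IP header incl. options */
    int total = (pkt[2] << 8) | pkt[3];       /* IP total length */
    if (ihl < 20 || len < (size_t)ihl + 20)
        return -1;
    int tcp_hdr = (pkt[ihl + 12] >> 4) * 4;   /* TCP header incl. options */
    if (tcp_hdr < 20 || total < ihl + tcp_hdr)
        return -1;
    int payload = total - ihl - tcp_hdr;
    int allowed = eff_snd_mss(send_mss, mms_s, tcp_hdr, ihl - 20);
    return payload > allowed ? payload - allowed : 0;
}

/* Constructed sample: 20-byte IP header + first 20 bytes of TCP header. */
static void make_hdr(uint8_t h[40], int total_len, int tcp_hdr_len)
{
    for (int i = 0; i < 40; i++)
        h[i] = 0;
    h[0] = 0x45;                               /* IPv4, IHL = 5 words */
    h[2] = (uint8_t)(total_len >> 8);
    h[3] = (uint8_t)(total_len & 0xff);
    h[9] = 6;                                  /* protocol = TCP */
    h[32] = (uint8_t)((tcp_hdr_len / 4) << 4); /* TCP data offset */
}

int main(void)
{
    uint8_t h[40];
    make_hdr(h, 1512, 32);  /* 1460 data + 12 option bytes + 40 */
    printf("excess: %d\n", mss_excess(h, sizeof h, 1460, 1480));
    return 0;
}
```

The first constructed header models the behaviour described in the quoted report: a full 1460-byte payload sent with 12 bytes of timestamp option against an announced MSS of 1460.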